8582762

Method for Producing Key Material for Use in Communication with Network

Published: November 12, 2013
Assignee: not available in USPTO data we have

Patent Claims
35 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method, comprising: producing, by a mobile station, authentication information by performing an authentication procedure with a communication system, the authentication procedure performed through a path external to a second system; exchanging, by the mobile station and through a route external to the communication system, key generation information comprising a shared secret with the second system and wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generating, by the mobile station, a communication key to communicate with the second system using at least in part the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

2. The method of claim 1, further comprising: encrypting an identification code with the communication key generated by the mobile station; and transmitting the encrypted identification code.

3. The method of claim 1, further comprising: encrypting a password with the communication key generated by the mobile station; and transmitting the encrypted password.

4. The method of claim 1, wherein: the communication key is generated based at least in part on time information.

5. The method of claim 1, wherein: the key generation information comprises a password.

6. The method of claim 1, wherein: the key generation information comprises seed information for a sequence; the generating a communication key comprises generating a next item in the sequence; and the communication key is generated based at least in part on the generated next item.

7. The method of claim 1, wherein: the authentication procedure performed in the producing the authentication information is a generic authentication architecture authentication procedure.

8. The method of claim 1, wherein: the authentication information is produced based at least in part on a salt value.

9. The method of claim 1, wherein the shared secret comprises at least one of: a personal identification number, a password, or a random seed value for a sequence.

10. A method, comprising: requesting and receiving, by a second system, authentication information related to a mobile station from an authentication node of a communication system; exchanging by the second system, through a route external to the communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generating a communication key by the second system to communicate with the mobile station using at least in part the authentication information and the key generation information, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

11. The method of claim 10, comprising: decrypting an identification code with the generated communication key; and verifying correctness of the decrypted identification code.

12. The method of claim 10, comprising: decrypting a password with the generated communication key; and verifying correctness of the decrypted password.

13. The method of claim 10, wherein: the communication key is generated based at least in part on time information.

14. The method of claim 10, wherein the exchanging the key generation information comprises exchanging a password.

15. The method of claim 10, wherein: the key generation information comprises seed information for a sequence; the generating a communication key comprises generating a next item in the sequence; and the communication key is generated based at least in part on the generated next item.

16. The method of claim 10, wherein exchanging, through a route external to the communication system, key generation information comprising a shared secret further comprises exchanging by the mobile station at least the shared secret using one of an infrared connection or a Bluetooth connection to the second system via a network and wherein the mobile station is configured to communicate directly with the communication system.

17. The method of claim 10, wherein exchanging, through a route external to the communication system, key generation information comprising a shared secret with the mobile station further comprises having a user input the shared secret via a keypad of the mobile station.

18. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising: producing authentication information by performing an authentication procedure between a mobile station and a communication system, the authentication procedure performed through a path external to a second system; exchanging between the mobile station and the second system, through a route external to the communication system, key generation information comprising a shared secret with the second system, wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generating a communication key by the mobile station to communicate with the second system based at least in part on the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

19. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising: requesting and receiving by a second system, authentication information related to a mobile station from an authentication node of a communication system; exchanging between the mobile station and the second system, through a route external to the communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the communication system and comprises a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generating a communication key for communication of the second system with the mobile station using at least in part the authentication information and the key generation information, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

20. A mobile station, comprising: a processor; and a memory including computer program code, the memory and the computer program code configured to, with the processor, cause the mobile station at least to produce authentication information by performing an authentication procedure with a communication system, the authentication procedure performed through a path external to a second system, perform exchanging, through a route external to the communication system, key generation information comprising a shared secret with the second system, wherein the shared secret is not known to the communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value, and generate a communication key to communicate with the second system based at least in part on the authentication information and the key generation information to establish a communication of the mobile station with the second system using said communication key generated by the mobile station and a second communication key generated by the second system using at least in part the key generation information and said authentication information requested and received by said second system from the communication system, wherein the communication system comprises at least one base station and the second system comprises at least one server node.

21. The mobile station of claim 20, wherein the memory and the computer program code are further configured to, with the processor, cause the mobile station at least to: encrypt an identification code with the communication key generated by the mobile station; and transmit the encrypted identification code.

22. The mobile station of claim 20, wherein the memory and the computer program code are further configured to, with the processor, cause the mobile station at least to: generate the communication key based at least in part on time information.

23. The mobile station of claim 20, wherein the memory and the computer program code are further configured to, with the processor, cause the mobile station at least to: generate a sequence based on seed information in the key generation information; and generate the communication key based at least in part on an item generated by the sequence generator.

24. The mobile station of claim 20, wherein the mobile station is part of a wireless communication system.

25. An apparatus, comprising: a processor; and a memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus at least to request authentication information related to a mobile station, the authentication information being received from an authentication node of a wireless communication system, perform exchanging between the mobile station and a second system comprising said apparatus, through a route external to the wireless communication system, key generation information comprising a shared secret with the mobile station, wherein the shared secret is not known to the wireless communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second system, if a delay of said transmission received by the second system exceeds a threshold value; and generate a communication key for communication of the second system with the mobile station based at least in part on the authentication information and the key generation information, wherein the wireless communication system comprises at least one base station and the second system comprises at least one server node.

26. The apparatus of claim 25, wherein the memory and the computer program code are further configured to, with the processor, cause the apparatus at least to: decrypt an identification code with a generated communication key; and verify correctness of a decrypted identification code.

27. The apparatus of claim 25, wherein the memory and the computer program code are further configured to, with the processor, cause the apparatus at least to: generate a communication key based at least in part on time information.

28. The apparatus of claim 25, wherein the memory and the computer program code are further configured to, with the processor, cause the apparatus at least to: generate a sequence based on seed information in the key generation information; and generate a communication key based at least in part on an item generated by the apparatus.

29. The apparatus of claim 25, wherein the apparatus comprises a functionality of a network application function node for a wireless communication system.

30. The apparatus of claim 25, wherein exchanging, through a route external to the wireless communication system, key generation information comprising a shared secret further comprises exchanging by the mobile station at least the shared secret using one of an infrared connection or a Bluetooth connection to the second system via a network and wherein the mobile station is configured to communicate directly with the communication system.

31. The apparatus of claim 25, wherein exchanging, through a route external to the wireless communication system, key generation information comprising a shared secret with the mobile station further comprises having a user input the shared secret via a keypad of the mobile station.

32. A system, comprising: a mobile station; a controller in the mobile station configured to produce authentication information by performing an authentication procedure with a first authentication node associated with a first communication system through a path external to a second communication system; a controller in the mobile station configured to perform exchanging key generation information with a controller in a second authentication node associated with the second communication system through a route external to the first communication system, said exchanging the key generation information comprises providing a time value of a transmission initiated by the mobile station for performing at least one of: issuing an error message and interrupting said exchanging by the second communication system, if a delay of said transmission received by the second communication system exceeds a threshold value; a requester in the second authentication node configured to request authentication information related to the mobile station from the first authentication node; wherein the key generation information comprises a shared secret with the mobile station, wherein the shared secret is not known by the first communication system and comprises at least one of: a personal identification number, a password, or a random seed value for a sequence; and a key generator in the second authentication node configured to generate a communication key based at least in part on the authentication information and the key generation information to establish a communication of the second communication system with the mobile station using said communication key generated in the second authentication node and a communication key generated by the mobile station using at least in part the key generation information and said authentication information, wherein the first communication system comprises at least one base station and the second communication system comprises at least one server node.

33. The system of claim 32, wherein: the first communication system is a wireless communication network.

34. The system of claim 32, further comprising: the second communication system is a local area network.

35. The system of claim 32, further comprising: a key generator in the mobile station configured to generate a communication key based at least in part on the authentication information and the key generation information.
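
The key derivation and delay check recited in claims 1, 4, 6 and 10, sketched as an added example (it is not part of the patent or of this page). The claims name no algorithm, so HKDF-SHA-256, the 30-second threshold, the MAC-based confirmation tag (used here in place of the encrypted identification code of claim 2), the sample authentication value and every function name are assumptions.

```python
import hashlib
import hmac
import struct

MAX_DELAY_S = 30  # assumed; the claims only say "a threshold value"
AUTH_INFO = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample

class DelayExceeded(Exception):
    """Raised by the second system when the transmission arrives too late."""

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract with the salt, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def next_sequence_item(seed, index):
    """Seed variant (claims 6 and 15): item i of the sequence is HMAC(seed, i)."""
    return hmac.new(seed, struct.pack(">Q", index), hashlib.sha256).digest()

def derive_communication_key(auth_info, key_gen_info, sent_at):
    """Run identically by the mobile station and the second system."""
    # Length-prefix auth_info so the two inputs cannot be re-split ambiguously.
    ikm = struct.pack(">I", len(auth_info)) + auth_info + key_gen_info
    return hkdf_sha256(ikm, struct.pack(">Q", sent_at), b"communication-key")

def confirmation_tag(key):
    """Key confirmation value sent with the time value (a MAC, not encryption)."""
    return hmac.new(key, b"key-confirmation", hashlib.sha256).digest()

def mobile_message(auth_info, key_gen_info, sent_at):
    """Mobile station: derive the key and build (time value, tag)."""
    key = derive_communication_key(auth_info, key_gen_info, sent_at)
    return sent_at, confirmation_tag(key)

def server_accept(auth_info, key_gen_info, message, received_at):
    """Second system: enforce the delay threshold, then derive and confirm."""
    sent_at, tag = message
    # Future-dated time values are rejected too (added check, not in the claims).
    if abs(received_at - sent_at) > MAX_DELAY_S:
        raise DelayExceeded(f"delay {received_at - sent_at}s exceeds {MAX_DELAY_S}s")
    key = derive_communication_key(auth_info, key_gen_info, sent_at)
    if not hmac.compare_digest(tag, confirmation_tag(key)):
        raise ValueError("key confirmation failed: shared secret or auth info differs")
    return key
```

A party holding only the authentication information, which is the position of the communication system in claim 1, cannot reproduce the key without the shared secret. A PIN has little entropy, so in this construction the strength of the key against that party rests on how the secret is chosen.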

Patent Metadata

Filing Date: Unknown

Publication Date: November 12, 2013

Inventors: Silke Holtmanns, Pekka Laitinen, Philip Ginzboorg, Kari Miettinen, Jaakko Rajaniemi

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHOD FOR PRODUCING KEY MATERIAL FOR USE IN COMMUNICATION WITH NETWORK” (8582762). https://patentable.app/patents/8582762
